What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2023-22056.

What is the severity of CVE-2023-22056?

CVE-2023-22056 has a severity level of medium.

Which versions of Oracle MySQL are affected by CVE-2023-22056?

The affected versions of Oracle MySQL are 8.0.33 and prior.

How can an attacker exploit CVE-2023-22056?

An attacker with network access via multiple protocols can exploit CVE-2023-22056 to compromise MySQL Server.

How do I fix CVE-2023-22056?

To fix CVE-2023-22056, update to version 8.0.34 of Oracle MySQL.

Vulnerability/
CVE-2023-22056

medium

4.9

CWE

18/7/2023

5/3/2024

CVE-2023-22056

First published: Tue Jul 18 2023(Updated: )

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle MySQL	>=8.0.0<=8.0.33
Oracle Mysql Server	>=8.0.0<=8.0.33
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38
Fedoraproject Fedora	=39
Apple iPadOS
Apple watchOS
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
Netapp Snapcenter
ubuntu/mysql-8.0	<8.0.34	8.0.34
ubuntu/mysql-8.0	<8.0.34-0ubuntu0.20.04.1	8.0.34-0ubuntu0.20.04.1
ubuntu/mysql-8.0	<8.0.34-0ubuntu0.22.04.1	8.0.34-0ubuntu0.22.04.1
ubuntu/mysql-8.0	<8.0.34-0ubuntu0.23.04.1	8.0.34-0ubuntu0.23.04.1
ubuntu/mysql-8.0	<8.0.34-0ubuntu2	8.0.34-0ubuntu2
debian/mysql-8.0		8.0.36-2
redhat/mysql	<8.0.34	8.0.34

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6288-1

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-22056.
What is the severity of CVE-2023-22056?
CVE-2023-22056 has a severity level of medium.
Which versions of Oracle MySQL are affected by CVE-2023-22056?
The affected versions of Oracle MySQL are 8.0.33 and prior.
How can an attacker exploit CVE-2023-22056?
An attacker with network access via multiple protocols can exploit CVE-2023-22056 to compromise MySQL Server.
How do I fix CVE-2023-22056?
To fix CVE-2023-22056, update to version 8.0.34 of Oracle MySQL.

collector/nvd-latest
vendor/oracle
product/mysql
canonical/oracle mysql
collector/nvd-index
collector/nvd-api
collector/launchpad-cve
source/Launchpad
agent/last-modified-date
agent/first-publish-date
agent/type
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/weakness
agent/author
agent/references
agent/severity
agent/tags
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-22056
version/oracle mysql/8.0.0
version/oracle mysql/8.0.33
canonical/oracle mysql server
version/oracle mysql server/8.0.0
version/oracle mysql server/8.0.33
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/37
version/fedoraproject fedora/38
version/fedoraproject fedora/39
vendor/netapp
canonical/apple ipados
canonical/apple watchos
canonical/netapp oncommand insight
canonical/netapp oncommand workflow automation
canonical/netapp snapcenter
package-manager/ubuntu
package-manager/debian
package-manager/redhat